CVE-2010-4514

DotNetNuke 5.05.01 and 5.06.00 - Cross-Site Scripting via __VIEWSTATE Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4514. PoCs published by Richard Brain.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in DotNetNuke 5.5.1, where user-supplied input is not properly sanitized. The example demonstrates how an attacker could inject a script tag into the __VIEWSTATE parameter to execute arbitrary JavaScript in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Richard Brain · textwebappsasp

https://www.exploit-db.com/exploits/35045

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in DotNetNuke 5.5.1, where user-supplied input is not properly sanitized. The example demonstrates how an attacker could inject a script tag into the __VIEWSTATE parameter to execute arbitrary JavaScript in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: DotNetNuke 5.5.1

No auth needed

Prerequisites: Access to the vulnerable Install/InstallWizard.aspx page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/files/view/96378/PR10-19.txt

Exploit x_refsource_misc

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19

Exploit vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024828

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42478

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/45180

Scores

EPSS 0.0153

EPSS Percentile 71.4%

Details

CWE

CWE-79

Status published

Products (4)

dnnsoftware/dotnetnuke 5.05.01

dnnsoftware/dotnetnuke 5.06.00

dotnetnuke/dotnetnuke 5.05.01

dotnetnuke/dotnetnuke 5.06.00

Published Dec 09, 2010

Tracked Since Feb 18, 2026